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Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 . 1 36(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply, will, by statute, cause the application to become ABANDONED (35 U.S. C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1)IEI Responsive to communication(s) filed on 15 April 2005 . 
2a)^ This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 

Disposition of Claims 

4) E3 Claim(s) 1-23 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) ^ Claim(s) 1-23 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) Q Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)Q accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 
a)D All b)Q Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. Q Certified copies of the priority documents have been received in Application No. . 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 

Claims 1-23 have been considered. 

Claim Rejections - 35 USC §112 

5 Claims 10 and 11 are rejected under U.S.C. 112, 4 th paragraph. Claim 10 is a dependent 

claim which fails to further limit independent claim 1 on which it depends. It is well known in the 
art that lexical analysis is the process of taking an input string and producing a sequence of 
tokens. Since the data stream is lexically analyzed according to claim 1 part c, it is assumed that 
a series of tokens has been produced as a result. Claim 1 1 is also rejected for depending on 
10 claim 10. 



Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 

basis for the rejections under this section made in this Office action: 

15 A person shall be entitled to a patent unless - 

(a) the invention was known or used by others in this country, or patented or described in 
a printed publication in this or a foreign country, before the invention thereof by the 
applicant for a patent. 

20 

Claims 1,7-9,13-16, and 22-23 are rejected under 35 U.S.C. 102(a) as being anticipated 
by Fermoyle, (Fermoyle, Ken. Firm Offers Free Tool to Fight 'Love You' Virus. June 2000. 
Ottawa PC User's Group). 

25 As per claims 1 and 13-16, the applicant describes a method of detecting a script 

language virus comprising the following limitations which are met by Fermoyle: 

a) preparing language description data corresponding to at least one script language 
(paragraph 8); 

b) preparing detection data for viral code corresponding to the script language virus 
30 (paragraph 8); 
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c) lexically analyzing a data stream using the language description data and the detection 
data to detect the viral code (paragraph 8); 

As per claim 7, the applicant limits the method of claim 1, which is met by Fermoyle (see 
5 above), with the following limitation which is also met by Fermoyle: 

Further comprising setting language definition rules for each of the at least one script 
language (paragraph 8); 

The MailMarshal uses language definition rules to search for particular keywords within 
the viruses. 

10 

As per claims 8,9, and 22, the applicant limits claims 1 and 16, which are met by 
Fermoyle (see above), with the following limitation which is also met by Fermoyle: 

Wherein the detection data comprise at least one test, wherein each of the at least one 
test correspond to a pattern match or a cyclical redundancy check (paragraph 8); 
15 The MailMarshal system uses pattern matching. MailMarshal monitors for particular 

keywords within a message. If the keywords "I love you" were searched for, for example, any 
identification of this pattern of words would cause the scanner to believe that the message is viral. 

Regarding claim 9, part c) is met by the rejection above. Parts a) and b), in which 
samples of the viral code are obtained and analyzed, are met through the nature of the 
20 MailMarshal which obtains incoming messages (which are sometimes viral) and lexically 
analyzes them to determine whether or not they are in fact viral. 

As per claim 23, the applicant limits the apparatus of claim 16, which is met by Fermoyle 
(see above), with the following limitation which is also met by Fermoyle. 
25 Wherein detection engine converts the data stream to a stream of tokens using lexical 

analysis, and the tokens correspond to respective language constructs (paragraph 8); 

As described earlier, the conversion of the data stream to a stream of tokens is implicit in 
the use of lexical analysis as described in part c) of claim 16. The fact that the tokens correspond 
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to respective language constructs is met by the MailMarshal in the particular instance described 
because a script language virus (the 1 love you" virus) is being lexically analyzed. The tokens 
would be language constructs of the script language virus. 

5 Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness 

rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or 
described as set forth in section 102 of this title, if the differences between the subject 
1 0 matter sought to be patented and the prior art are such that the subject matter as a whole 

would have been obvious at the time the invention was made to a person having ordinary 
skill in the art to which said subject matter pertains. Patentability shall not be negatived 
by the manner in which the invention was made. 

15 

Claims 2-3 and 17-18 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Fermoyle in view of Frame Technology. 



As per claim 2-3 and 17-18, the applicant limits the method of claims 1 and 16, which are 
20 met by Fermoyle (see above), with the following limitation which is met by Frame Technology: 

Wherein the language description data correspond to Dynamic Finite Automata; 

As discussed by Frame Technology, one anti-viral technique is the use of finite automata 
which have states which vary and are dynamic. Since the states are dynamic, a set of transitions 
and next states is understood. 

25 

Claims 4-6 and 19-21 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Fermoyle. 

As per claims 4 and 19, the applicant limits the method of claims 1 and 16, which are met 
30 by Fermoyle (see above), with the following limitation which is also met by Fermoyle: 
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Wherein the language description data correspond to language definition rules and 
language check rules (paragraph 8); 

As discussed above, the scanner uses language definition rules in the form of keywords 
or groups of keywords to determine whether a message is viral. However, the use of language 
5 check rules is not mentioned. As defined by the applicant, language check rules are 

characteristics of the target script languages which differentiate one language from another 
language (Specification page 8). Other than the obvious difference in that the keywords the 
scanner looks for are different, there is no mention of differentiation of rules for the different 
viruses. Since different viruses are searched for (paragraph 1), it would have been obvious to 
10 one of ordinary skill in the art at the time the invention was filed to have appropriate language 
check rules for the different languages. 

As per claims 5 and 20, the applicant limits the method of claims 4 and 19, which are met 
by Fermoyle (see above), with the following limitation which is also met by Fermoyle: 
15 Wherein the lexical analysis includes one or more pattern matches based on the 

language definition rules (paragraph 8); 

The use of pattern matching is present in Fermoyle and discussed in the rejection for 
claim 8 and 22. However, claims 5 and 20 are rejected under U.S.C. 103(a) because they 
depend on claims 4 and 19. 

20 

As per claims 6 and 21, the applicant limits the method of claims 4 and 19, which are met 
by Fermoyle (see above), with the following limitation which is also met by Fermoyle: 

Wherein a script language used by the data stream is determined by the lexical analysis 
using the language check rules; 
25 The particular language used is determined through the monitoring of keywords. 

However, the particular language used is not determined through the language check rules 
because no language check rules are mentioned. Since different viruses are searched for 
(paragraph 1), it would have been obvious to one of ordinary skill in the art at the time the 
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invention was filed to have appropriate language check rules for the different languages which 
allow the scanner to know which script language is being used. 

Claim 12 is rejected under 35 U.S.C. 103(a) as being unpatentable over Fermoyle in view 
5 of the applicant's admitted prior art. 

As per claim 12, the applicant describes the method of claim 10, which is met by 
Fermoyle (see above), with the following limitation which is met by the applicant's admitted prior 
art: 

10 Wherein a cyclical redundancy check is performed on the stream of tokens to detect viral 

code; 

As discussed by the applicant on page 3 of the Specification, one type of anti-virus 
technique is cyclical redundancy check. It would have been obvious to one of ordinary skill in the 
art at the time the invention was filed to combine the ideas of the applicant's admitted prior art 
15 with those of Fermoyle and use a cyclical redundancy check on the stream of tokens for another 
way to detect viral code using the well-known CRC method on the stream of tokens created by 
the lexical scanning of the MailMarshal. 

Response to Arguments 

20 Applicant's arguments filed 4/14/05 with respect to claims 10 and 1 1 have been fully 

considered but they are not persuasive. According to a definition provided by 
thefreedictionary.com, lexical analysis is the process where a stream of characters is grouped 
into a stream of tokens. The examiner has cited the definition and included it in this action. 

25 Applicant's arguments with respect to claim 1 have been fully considered but they are not 

persuasive. The applicant argues that the primary reference, Fermoyle merely mentions 
monitoring keywords through lexical scanning and does not disclose or suggest that lexical 
analysis should be performed for virus detection. The examiner disagrees. Fermoyle discloses 
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that lexical analysis is used by the MailMarshal program to thwart the "I Love You" script virus. 
The language description data are the keywords which are monitored by the detection data of the 
MailMarshal program. 

5 Applicant's arguments with respect to the web document copyrighted 2003 have been 

fully considered but they are irrelevant. The document was not used in any rejection. As 
explicitly stated in the first office action, the examiner included the document only as a matter of 
reference. 



1 0 Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as 
set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE MONTHS 
from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the 

15 mailing date of this final action and the advisory action is not mailed until after the end of the 

THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the 
date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be 
calculated from the mailing date of the advisory action. In no event, however, will the statutory 
period for reply expire later than SIX MONTHS from the mailing date of this final action. 

20 Any inquiry concerning this communication or earlier communications from the examiner 

should be directed to Kevin Schubert whose telephone number is (571) 272-4239. The examiner 
can normally be reached on M-F 8:00-5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Andrew Caldwell can be reached on (571) 272-3868. The fax phone number for the 

25 organization where this application or proceeding is assigned is 703-872-9306. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR system, 
5 see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 




10 



ANDREW CALDWELL 
SUPERVISORY PATENT EXAMINER 



